FreecivCVEs & Vulnerabilities

6 CVEs affecting Freeciv products, tracked from the National Vulnerability Database, with CVSS/EPSS scores and exploitation status.

Most Affected Products

freeciv 15
CVE-2022-39047HIGH

Freeciv before 2.6.7 and before 3.0.3 is prone to a buffer overflow vulnerability in the Modpack Installer utility's handling of the modpack URL.

31 Aug 2022
8.8
CVSS
CVE-2012-6083HIGHpoc

Freeciv before 2.3.3 allows remote attackers to cause a denial of service via a crafted packet.

23 Jan 2020
7.5
CVSS
CVE-2012-5645HIGH

A denial of service flaw was found in the way the server component of Freeciv before 2.3.4 processed certain packets. A remote attacker could send a specially-crafted packet that, when processed would lead to memory exhaustion or excessive CPU consumption.

30 Dec 2019
7.5
CVSS
CVE-2010-2445CRITICAL

freeciv 2.2 before 2.2.1 and 2.3 before 2.3.0 allows attackers to read arbitrary files or execute arbitrary commands via a scenario that contains Lua functionality, related to the (1) os, (2) io, (3) package, (4) dofile, (5) loadfile, (6) loadlib, (7) module, and (8) require modules or functions.

8 Jul 2010
10.0
CVSS
CVE-2006-3913HIGH

Buffer overflow in Freeciv 2.1.0-beta1 and earlier, and SVN 15 Jul 2006 and earlier, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a (1) negative chunk_length or a (2) large chunk->offset value in a PACKET_PLAYER_ATTRIBUTE_CHUNK packet in the generic_handle_player_attribute_chunk function in common/packets.c, and (3) a large packet->length value in the handle_unit_orders function in server/unithand.c.

28 Jul 2006
7.5
CVSS
CVE-2006-0047MEDIUMpoc

packets.c in Freeciv 2.0 before 2.0.8 allows remote attackers to cause a denial of service (server crash) via crafted packets with negative compressed size values.

7 Mar 2006
5.0
CVSS
← PrevPage 1 / 1Next →